The Microsoft Exchange On-Premises integration provides tools for security analysts to contain and remediate phishing and spear phishing email threats in on-premises instances. Before you can use the Microsoft Exchange On-Premises integration, you must download it from the ServiceNow Store and identify the appropriate Exchange and MID servers.

Before you begin

Role required: sn_si_admin

Procedure

  1. Download the integration from the ServiceNow Store.
  2. When the installation is complete, navigate to Security Operations > Integrations > Integration Configuration.
    The available security integrations appear as a series of cards.
  3. In the Microsoft Exchange On-Premises card, click New.
  4. Fill in the fields, as needed.
    Field            Description
    Name             The name of this configuration.
    Exchange Server  Specify the Exchange server to be used.
    Note: Configuring this integration activates flows. To manage the flows, navigate to Workflow Studio/Flow Designer.
  5. Click Submit.
    The integration configuration card displays.
  6. When viewing the new configuration card, you can click Configure or Delete to change or delete the configuration, respectively.
  7. To return to the original list of integration configuration cards, select No from the Show Configurations drop-down list.
  8. Navigate to Orchestration > MID Servers.
  9. Open the record of the MID server that can reach the Exchange server, and verify that its Status is set to Up and its Validated option is set to Yes.
  10. Add the MID server capability:
    • Select the respective MID server to add the capability.
    • Click on the Capabilities related list and click Edit.
      Figure 1. MID server capability
    • Remove All and add Microsoft Exchange Server for SecOps.
    • Select the IP Ranges from the Related Lists section and set the value to either ALL or any desired value.
    • Select the Supported Applications from the Related Lists section and set the value to either ALL or Orchestration.
    • Save the record.
  11. Validate the connections & credentials.
  12. Once the credentials are validated, the configuration on the ServiceNow instance is complete, and the integration is ready to perform email search and deletion operations.